[Oisf-users] packet loss troubleshooting
Cooper F. Nelson
cnelson at ucsd.edu
Tue Dec 8 20:22:53 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You are dropping packets in the kernel.
If you do the math this is actually a 0.64%; which is under 1% and
considered normal. You can try increasing your net.core.* buffers via
sysctl, but in my experience suricata will always drops packets when
being started or under a DOS/packet-flood scenario.
As long as drops are under 1% over long periods you should be fine.
- -Coop
On 12/8/2015 7:14 AM, Yasha Zislin wrote:
> I am trying to narrow down good config to reduce packet loss. It seems
> that it is related to reassembly of streams.
> I keep getting reassembly gaps and therefore packet loss. Here is an
> example stats.log
> capture.kernel_packets | RxPFReth02 | 455937792
> capture.kernel_drops | RxPFReth02 | 2921250
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJWZzwdAAoJEKIFRYQsa8FWswUIAIvugaIlM7I/Z9rAW2HKB/1D
eLWsppn43PKHZhxNhcjl6GEWOrkcubi/E/Uh7dJNX4kyHek1Ee2H5cxeYRgQB2QB
2TD2gvoYsTHVcrIafg4i8vVYMbc6vHcJ0FD0s6uc5tBCCItJwwabCzCiCwuJn+gg
k0U2UKMnl0w80Xa7mLBBfxVZvFg0DNRPVTSBs5xVIiX9wUGupCCP8UhqI2bWAu68
QDcEaOwfwAJAYEai1lNX6RS8UG4HbRRwCB24E35kj71DUdColeYQs9tQcAD2oAQE
i1Nbky9Wq1UPQ4MNM9nRM+yuFsjzEwof1KMbfToSyJcD5KxTtLwbgTq2n9kQmnE=
=zN9b
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list